![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 15%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMG%3C/text%3E%3C/svg%3E)
Windows Autopilot
A collection of Microsoft technologies used to set up and pre-configure new devices and to reset, repurpose, and recover devices.
422 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(172.8, 34%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERM%3C/text%3E%3C/svg%3E)
Deploying Always On VPN with Autopilot is indeed supported and works quite well. The only requirement is that you must deploy certificates with Intune (root and subordinate CA certificates and the user authentication certificate). For native Entra ID joined devices, you simply deploy the Always On VPN user profile as you would normally. For hybrid Entra ID joined devices, you must also deploy a device certificate along with the device tunnel profile. If using hybrid Entra ID join (not recommended), I suggest deploying your devices with Enterprise Edition. If you must use Professional edition there's additional configuration required. Details here.
https://directaccess.richardhicks.com/2021/04/19/always-on-vpn-and-autopilot-hybrid-azure-ad-join/
Enjoy!